MX2008004765A - System and method for providing secure data transmission - Google Patents

System and method for providing secure data transmission

Info

Publication number
MX2008004765A
Authority
MX
Mexico
Prior art keywords
computer
data
further characterized
application program
received
Prior art date
Application number
MXMX/A/2008/004765A
Other languages
Spanish (es)
Inventor
William Zimman Christopher
William Hook James
Dulai Dharmender
Original Assignee
Bloomberg Lp

Abstract

A system and method are provided, embodiments of which comprise encrypting input data based on authorization from an application program launched on a local computer device by a user. The encrypted input data that is generated by the user is sent to a network communication interface associated with the local computer device for transmission to a remote computer device. At the remote computer the received input data is decrypted, whereby based on the decrypted input data the remote computer generates encrypted response data that is associated with the decrypted first data. The encrypted response data is sent from the remote computer to the local computer, where the encrypted response data is received via the network communication interface associated with the local computer and decrypted. The local computer displays the decrypted response data on a display.

Description

SYSTEM AND METHOD FOR PROVIDING SECURE DATA TRANSMISSION

Copyright and legal notices

A part of the description of this patent document contains material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent description, as it appears in the archives or records of the Patent and Trademark Office, but otherwise reserves all copyrights.

BACKGROUND OF THE INVENTION

The present invention relates generally to a system and method for exchanging information routes to match certain communication modes, and more particularly, to providing secure or unsecured communication routes based on whether secure or unsecured communication is required.

BRIEF DESCRIPTION OF THE INVENTION

In accordance with one embodiment of the present invention, a method for communicating data is provided. The method may include receiving data from one or more input devices and transmitting the data to a first computer, if a first indication that a first communication mode has been selected has been received from the first computer. The data can be transmitted to a second computer, if a second indication that a second mode of communication has been selected has been received from the first computer.

According to another embodiment of the present invention, the first computer can send the first indication in response to a user activating a first application program on the first computer, and the first computer can send the second indication in response to the user activating a second application program on the first computer.

According to another embodiment of the present invention, a response to the transmitted data can be received from the second computer, if the second indication has been received from the first computer. The received response can be transmitted to the first computer, if the second indication has been received from the first computer.
According to another embodiment of the present invention, transmitting the data to a second computer may include transmitting the data to a second computer using a network interface of the first computer, and receiving a response includes receiving a response to the transmitted input data from the second computer using the network interface of the first computer.

According to another embodiment of the present invention, transmitting the input data to a second computer may include encrypting the data, and transmitting the encrypted data to the second computer.

According to another embodiment of the present invention, the response received from the second computer may be encrypted. Also, transmitting the received response to the first computer may include decrypting the received response, and transmitting the decrypted received response to the first computer.

According to another embodiment of the present invention, a system for communicating data comprises at least one first computer that can be programmed to receive data from one or more input devices and transmit the data to a second computer, if a first indication that a first mode of communication has been selected has been received from the second computer. The data can be transmitted to a third computer, if a second indication that a second mode of communication has been selected has been received from the second computer.

According to another embodiment of the present invention, the second computer can send the first indication in response to a user activating a first application program on the second computer; and the second computer can send the second indication in response to the user activating a second application program on the second computer.

According to another embodiment of the present invention, the first computer can be programmed to receive a response to the transmitted data from the third computer, if the second indication has been received from the second computer.
The received response can be transmitted to the second computer, if the second indication has been received from the second computer.

According to another embodiment of the present invention, the first computer is programmed to transmit the data to the third computer using a network interface of the second computer. The transmitted data is received from the third computer using the network interface of the second computer.

According to another embodiment of the present invention, the first computer is programmed in such a way that transmitting the data to a third computer can include encrypting the data, and transmitting the encrypted data to the third computer.

According to another embodiment of the present invention, the response received from the third computer is encrypted, and the first computer is programmed in such a way that transmitting the received response to the second computer can include decrypting the received response, and transmitting the decrypted received response to the second computer.

In accordance with another embodiment of the present invention, a method is provided for providing data communication over a communication network using an encryption device. The method may include encrypting first data based on the encryption device authenticating a user, wherein the first encrypted data may be sent from the encryption device to an interface associated with a first computer for transmission to a second computer. In the second computer, the first encrypted data can be decrypted and second encrypted data can be generated in response to the first decrypted data. The second generated encrypted data can be sent to the interface associated with the first computer for transmission to the encryption device, wherein in the encryption device the second encrypted data, received by means of the interface associated with the first computer, can be decrypted. The first computer can execute an operation based on the second decrypted data.
In accordance with another embodiment of the present invention, user authentication may include loading an application program to initiate an authentication process.

According to another embodiment of the present invention, the authentication process may include the loaded application program providing the connection state between the encryption device and the first computer.

In accordance with another embodiment of the present invention, the authentication process may include reading and detecting a fingerprint pattern associated with the user upon receipt of a request generated by the application program.

According to another embodiment of the present invention, the second decrypted data may include display data generated in response to the first data processed by the second computer.
According to another embodiment of the present invention, the interface may include a universal serial bus (USB) interface and a network interface.

According to another embodiment of the present invention, the first data may be generated by a keyboard, a mouse, and/or a peripheral device.

According to another embodiment of the present invention, a method is provided for data communication between a first and a second computer over a communication network using an encryption device coupled to the first computer. The method may include encrypting first data in the encryption device based on an application program associated with the data communication being active, wherein the first encrypted data may be sent from the encryption device to an interface associated with the first computer for transmission to the second computer. In the second computer the first encrypted data can be decrypted and second encrypted data can be generated in response to the first decrypted data, wherein the second generated encrypted data can be sent to the interface associated with the first computer for transmission to the encryption device. In the encryption device, the second encrypted data, received by means of the interface associated with the first computer, can be decrypted, wherein the encryption device can provide the second decrypted data to the first computer for disposition by the first computer.

According to another embodiment of the present invention, the first data may be generated by a keyboard, a mouse, and/or a peripheral device.

According to another embodiment of the present invention, the application program can reside on the first computer and communicate with a second application program resident on the second computer. The second application can generate the second data and the application program on the first computer can display the second decrypted data.
According to another embodiment of the present invention, the application program can reside in the encryption device and can communicate with a second application program, wherein the second application can generate the second data and the application program in the encryption device can show the decrypted second data.

According to another embodiment of the present invention, the communication network can include the internet.

According to another embodiment of the present invention, encrypting first data may include encrypting first data in the encryption device based on a window associated with the application program having focus.

In accordance with another embodiment of the present invention, a secure system is provided for generating secure data transmission over a communication network between a first computer and a second computer. The system may include a switching device adapted to receive first data from one or more input devices; an encryption device adapted to receive the first data sent from the switching device and to encrypt the first received data based on an application program associated with the secure data transmission being active; an interface associated with the first computer adapted to receive the first encrypted data for transmission over the communication network to the second computer, wherein the second computer can receive the first encrypted data and generate second encrypted data; and a display device associated with the first computer. The second encrypted data generated in the second computer can be received by the interface from the communication network and sent to the switch, wherein the switch can send the encrypted second data to the encryption device to decrypt the encrypted second data. The switch can send the decrypted second data from the encryption device to the first computer for display on the display device.
According to another embodiment of the present invention, the interface may include a network interface.

According to another embodiment of the present invention, a biometric authentication device may be in communication with the application program that requests the user to perform an authentication process. The encryption device can authenticate the user before encrypting the input data.

According to another embodiment of the present invention, the biometric authentication device may include a fingerprint reader.

According to another embodiment of the present invention, the switch device may include a USB controller to provide data switching between the one or more input devices, the first computer, and the encryption device.

According to another embodiment of the present invention, a method provides security to an application in communication with a server that receives inputs from an input device that works with a client computer and displays information on a display device that works with the client computer. The method may include encrypting data relating to the application entered through the input device without providing the entered data unencrypted to the client computer. The encrypted data is transmitted over a network to the server, where the encrypted data transmitted to the server is decrypted. The server can operate on the decrypted data and can provide data to display on the client computer. The data provided by the server can be transmitted for display on the display device of the client computer, where the display device can display the transmitted data provided by the server.
According to another embodiment of the present invention, the data provided by the server can be encrypted before transmitting this data to the client computer, and this data can be decrypted after the transmission and before displaying it. The decrypted data can be displayed on the display device of the client computer.

According to another embodiment of the present invention, the encrypted data transmitted to the client computer can be decrypted independently of the client computer and this decrypted data can be provided to the client computer for display on the display device.

According to another embodiment of the present invention, the input device may include a keyboard and/or a pointer.

According to another embodiment of the present invention, there is provided a method for a client computer to interact with a plurality of applications and to provide security to at least one application of the one or more applications that communicate with a server that receives inputs from an input device that works with the client computer. The method may include the following steps. If the at least one application includes a window that has focus on the client computer, data relating to the at least one application entered through the input device may be encrypted without providing the entered data unencrypted to the client computer. The encrypted data can be transmitted over a network to the server, where the encrypted data transmitted to the server can be decrypted. The server operates on the decrypted data and can provide data for the client computer to operate on. The supplied data can be transmitted to the client computer, where the client computer can operate on the supplied data. If the at least one application does not include a window that has focus on the client computer, the data entered through the input device can be provided to the client computer without encryption for disposition by the client computer.
According to another embodiment of the present invention, the data relating to the selected application may be encrypted in a device coupled to the input device and the client computer.

According to another embodiment of the present invention, a keyboard output may be coupled to an output of the device that is coupled to the client computer for operation with the at least one active operation when the window associated with the at least one active operation is focused.

According to another embodiment of the present invention, the keyboard output can be automatically coupled to the output of the device that is coupled to the client computer when the window associated with at least one active application is focused.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention is illustrated in the figures of the accompanying drawings, which are examples and not limiting, and in which similar references refer to similar or corresponding parts.

Figure 1 is a block diagram illustrating a data communication system according to an embodiment of the present invention;

Figure 2 is a block diagram illustrating a data communication system comprising a switching system according to an embodiment of the present invention;

Figure 3 is a schematic diagram illustrating the secure transmission path of a data communication system according to an embodiment of the present invention;

Figures 4A-4B are flowcharts illustrating the operation of the switching system in a secure mode of operation according to an embodiment of the present invention;

Figures 5, 6, 7, and 8 are flowcharts that illustrate a method by which a data communication system operates the application program in secure mode and the switching system based on the window focus of the application program according to one embodiment of the present invention;

Figure 9 is a block diagram illustrating the components of the switching system according to an embodiment of the present invention;

Figure 10 is a block diagram of a USB controller device according to an embodiment of the present invention; and

Figures 11A and 11B are block diagrams of the system illustrating alternative embodiments of systems incorporating the switching system according to one embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

Figure 1 illustrates a data communication system (10) according to one embodiment of the present invention. The data communication system (10) includes a user computer (12), a computer (18) to be accessed (also called the "accessed computer"), a network (20), and a switching system (22).

The user computer (12) can include any computer that can be operated by a user. In one embodiment of the invention, the user computer (12) is also capable of receiving and acting on data from other computers. For example, the user computer (12) may include a personal computer, a workstation, or a PDA, capable of receiving and displaying data received from a server. One or more output devices (14) may be associated with the user computer (12) to provide an output to a user, for example, on a screen or on a printer. Also, one or more data entry devices (16), such as a mouse and/or a keyboard, can be in communication with the user computer (12) through the switching system (22).
In one embodiment of the invention, the user computer (12) also includes functionality to indicate to the switching system (22) that one of a plurality of communication modes is desired. Each communication mode, for example, can be characterized by a different communication destination, such as a different computer at the receiving end of the communication. For example, when the user computer (12) is able to simultaneously run more than one application program, the user computer (12) can provide an indication to the switching system (22) that a first, a second, or a third mode of communication is desired based on whether an application program of a first, a second, or a third set of application programs is active, respectively. For example, an active application program may include an application program whose window has focus.

The accessed computer (18) can include any computer that can communicate with other computers. For example, the accessed computer (18) can include a server capable of communicating with clients through a network. If desired, the accessed computer (18) can communicate with other computers securely, for example, using encryption and decryption.

The accessed computer (18) is in communication with the switching system (22) through the network (20). "Network" is used here broadly to include any communication route through which computer systems may communicate, including, but not limited to, one or more of the following: private or dedicated telecommunication lines, wired and wireless LANs and WANs, and the internet. In addition, the network through which the switching system (22) communicates with the accessed computer (18) can include a user computer (12).
For example, as shown in Figure 2 and described in more detail below, the switching system (22) can be in communication with the accessed computer (18) by means of a user computer (12) and a network that provides a communication route between the user computer (12) and the accessed computer (18), for example, the network (24). "Communication path" refers here to a physical communication path, a logical communication path, or combinations of them.

The switching system (22) provides communication routes between the input device(s) (16) and the user computer (12) and between the input device(s) (16) and the accessed computer (18) (via a network (20)). The switching system (22) functions to (a) dynamically switch the input device(s) (16) between these communication routes based on an indication of which of a plurality of communication modes is desired, and (b) transmit data from the input device(s) (16) to the computing system at the receiving end of the active communication path.

As previously mentioned, the switching system (22) can receive the indication of which of a plurality of communication modes is desired from the user computer (12). For example, the user computer (12) may send an indication to the switching system (22) that a first communication mode is desired based on an application of a first set of applications being active and, upon receipt of this indication, the switching system (22) can make the communication path between the input device(s) (16) and the user computer (12) active. When the user computer (12) sends an indication to the switching system (22) that a second communication mode is desired based on an application of a second set of applications being active, the switching system (22) can make the communication path between the input device(s) (16) and the accessed computer (18) active.
According to one embodiment of the invention, in a communication mode where the communication path between the input device(s) (16) and the accessed computer (18) is active, the switching system (22) can also function to receive data from the accessed computer (18) and forward the received data to the user computer (12). For example, continuing with the previous example where the user computer (12) sends an indication for a second communication mode based on an application of a second set of applications being active, the switching system (22) can transmit data from the input device (16) to the accessed computer (18), which processes the data and sends a response back to the switching system (22). The switching system (22) can then transmit the response to the user computer (12), for example, to the application of the second set of applications that is active, so that it performs an action, for example, a notification to the user.

If desired, the switching system (22) can communicate with other computer systems in a secure manner, for example, using encryption and decryption. Thus, in the previous example, the switching system (22) can encrypt the data coming from the input device(s) (16) before transmitting it to the accessed computer (18) over the network (20). The accessed computer (18) can then decrypt the data, process it, and transmit an encrypted response back to the switching system (22). The switching system (22) can then decrypt this response before transmitting it to the user computer (12).

The switching system (22) can include any computer system capable of performing the functions described above. These functions can be implemented through hardware or software or combinations of them. Examples of different embodiments of the switching system (22) and components that can perform the above functions are described in more detail below.
While Figures 1 and 2 show a single accessed computer (18), any number of these systems can be accommodated within the invention, with the switching system (22) dynamically switching the input device(s) (16) between communication routes for each one in a manner similar to that described above. For example, five communication modes may correspond to communication paths between the input device(s) (16) and five different communication destinations, such as the user computer (12) and four different accessed computers, respectively. "Computer" is used here broadly to mean computer hardware and software or only computer software. For example, the four accessed computers mentioned above can be separate server applications co-resident on the same hardware platform.

The embodiments of the invention described above can be advantageous in situations where a user wishes to have access to a computer, for example, the accessed computer (18), but the user's computer, for example, the user computer (12), is not a trusted computer. For example, the user's computer may be vulnerable to attacks from outside, for example, from viruses, where data entering the computer, such as keystrokes, can be monitored and transmitted to a third party. In this case, according to the embodiments of the invention described above, when the user tries to access the accessed computer (18), for example, by means of a corresponding client application on the user computer (12), the switching system (22) can direct data from the input device(s) (16) to the accessed computer (18) for processing and send the response received from the accessed computer (18) to the client application on the user computer (12) to take an action, for example, a notification to the user. Thus, in this case, the user's data entry intended for the computer to be accessed is not sent through the user's computer and may not be vulnerable to the aforementioned attacks.
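The Figure 1 data flow described above, as an added Python simulation that is not code from the patent: it shows what an untrusted user computer (12) can observe in each communication mode. The cipher (an HMAC-SHA256 keystream with encrypt-then-MAC), the pre-shared secret, the direction labels and every class, method and variable name are assumptions, since the page specifies none of them.

```python
import hashlib
import hmac
import os

def derive_keys(secret):
    """Split one shared secret into separate encryption and MAC keys."""
    return (hmac.new(secret, b"enc", hashlib.sha256).digest(),
            hmac.new(secret, b"mac", hashlib.sha256).digest())

def _keystream(key, nonce, length):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (the page names no cipher).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(keys, direction, plaintext):
    """Encrypt-then-MAC; the direction label is bound into the tag."""
    enc_key, mac_key = keys
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, direction + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(keys, direction, blob):
    """Verify the tag before decrypting; raise ValueError on any mismatch."""
    enc_key, mac_key = keys
    if len(blob) < 48:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, direction + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class AccessedComputer:
    """Accessed computer (18): decrypts input, returns an encrypted response."""
    def __init__(self, keys):
        self.keys, self.received = keys, []
    def handle(self, blob):
        data = unseal(self.keys, b"c2s", blob)
        self.received.append(data)
        # The response is later shown by the user computer in clear,
        # so it must not echo the input back.
        return seal(self.keys, b"s2c", b"received %d bytes" % len(data))

class UserComputer:
    """User computer (12), treated as untrusted: logs everything it handles."""
    def __init__(self, server):
        self.server, self.observed, self.display = server, [], []
    def local_input(self, data):      # first mode: input delivered for local use
        self.observed.append(data)
    def relay(self, blob):            # second mode: host only lends its network interface
        self.observed.append(blob)
        reply = self.server.handle(blob)
        self.observed.append(reply)
        return reply
    def show(self, data):             # decrypted response handed over for display
        self.display.append(data)

class SwitchingSystem:
    """Switching system (22): routes input by the indicated communication mode."""
    LOCAL, SECURE = 1, 2
    def __init__(self, host, keys):
        self.host, self.keys, self.mode = host, keys, self.LOCAL
    def indicate(self, mode):
        if mode not in (self.LOCAL, self.SECURE):
            raise ValueError("unknown communication mode")
        self.mode = mode
    def on_input(self, data):
        if self.mode == self.LOCAL:
            self.host.local_input(data)
            return None
        reply = self.host.relay(seal(self.keys, b"c2s", data))
        response = unseal(self.keys, b"s2c", reply)
        self.host.show(response)
        return response

def run_demo():
    keys = derive_keys(b"constructed demo secret")  # constructed sample value
    server = AccessedComputer(keys)
    host = UserComputer(server)
    switch = SwitchingSystem(host, keys)
    switch.on_input(b"meeting notes")     # first mode: host sees the keystrokes
    switch.indicate(SwitchingSystem.SECURE)
    switch.on_input(b"hunter2")           # second mode: host sees ciphertext only
    return host, server

if __name__ == "__main__":
    host, server = run_demo()
    print("host observed:", [item.hex() for item in host.observed])
    print("host display:", host.display)
```
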
As mentioned earlier, the accessed computer (18) can communicate with other computers securely, for example, using encryption and decryption. For example, the accessed computer (18) and the user computer (12) can communicate securely using the Transport Layer Security (TLS) protocol.

Figure 3 illustrates a data communication system according to an embodiment of the invention that provides secure communication. The data communication system (100) includes a switching system (102), as previously described. As shown in the embodiment of Figure 3, the switching system (102) includes a data switching device (104) and an encryption device (106). The secure communication system (100) also includes a user computer (108) and an accessed computer (110), as described above. As shown in Figure 3, the user computer (108) is in communication with the accessed computer (110) through the network (112). In the embodiment of Figure 3, a display device (114) is associated with the user computer (108), along with one or more data entry devices such as a mouse (116) and/or a keyboard (118). According to the embodiment of Figure 3, the accessed computer (110) may include one or more servers.

Other devices that provide input data can be used alternatively. For example, in addition to, or in place of, the keyboard (116) and mouse (118), data can be entered using a touch screen, a speech recognition system, and/or another peripheral device capable of providing input data.

Data communication between the various components of the system (100) is carried along communication routes P1, P2, P3, P4, and P5, each of which may include physical or logical communication routes, or combinations of them, as previously mentioned. Each route may employ different means of communication, for example fiber optic media, wireless media (e.g., radio frequency and infrared), or cable-based data transfer media.
According to the embodiment of Figure 3, the route P2 is a physical communication route that includes at least two logical communication routes (e.g., P2a and P2b). As described in more detail below, the P2a route carries data between the switching system (102) and the user computer (108) for local processing (for example, by programs running on the user computer (108)). As described in more detail below, the P2b route carries data between the switching system (102) and the user computer (108) for transfer (for example, using a network interface of the user computer (108) to communicate over the network (112)) to and from the accessed computer (110).

The input data received from the mouse (116) and keyboard (118) is sent along the route P1 to the data switching device (104). The switching device (104) determines whether or not the data is to be switched along the path P3 to the encryption device (106). If a communication session is established in secure mode, the input data can be sent to the encryption device (106) via routes P1 and P3. Alternatively, if a secure mode communication session is not required, the input data along the route P1 can be switched along the route P2a to the user computer (108) for local processing (e.g., by a program running on the user computer (108)).

Information to be displayed that is generated by the user computer (108) is displayed on the display device (114). The information to be displayed can be generated as a result of any program running on the user computer (108) or as a result of data received by the user computer (108) from the accessed computer (110) over the network (112).

Data can be transmitted and received between the user computer (108) and the accessed computer (110). For example, input data to be encrypted can be sent along the routes P1 and P3 to the encryption device (106).
After encryption, the encrypted data is sent over routes P3 and P2b to the user computer (108), where the encrypted data is transmitted via a network interface of the user computer (108) (not shown) along routes P4 and P5 to the accessed computer (110). This is a secure mode of operation where the encrypted data is not processed locally by the user computer (108). Instead, it is sent to the accessed computer (110) for processing, whereby the accessed computer (110) can only process the encrypted data once it is decrypted.

Alternatively, for example, unencrypted input data may be sent on routes P1 and P2a to the user computer (108) for local processing. After the unencrypted input data is processed by the user computer (108), unencrypted data may be generated by program(s) running on the user computer (108) and sent through the network interface of the user computer (108) along routes P4 and P5 to the accessed computer (110). Also, the unencrypted input data processed locally on the user computer (108) can be displayed on the display device (114). This is an unsecured mode of operation, where the input data is processed directly by the user computer (108).

The data that is generated by the accessed computer (110) can be encrypted or not encrypted based on the requirements of a user and the needs of secure data transmission over the network (112). For example, unencrypted data received from the accessed computer (110) that is directed to a program running on the user computer (108) can be processed locally by the user computer (108) through the program to which the data is directed. The unencrypted data received from the accessed computer (110) and processed locally by the user computer (108) can then be presented to the user on the display device (114).
Alternatively, for example, the encrypted data generated by the accessed computer (110) for eventual processing by the user computer (108) may be sent on the routes P5 and P4 to the user computer (108). These encrypted data are directed towards the switching system (102). Accordingly, when the encrypted data is received by the network interface of the user computer (108), the encrypted data is transmitted along the route P2b to the switching system (102) and the switching device (104). In the switch (104), the encrypted data is received and sent to the encryption device (106) on the P3 route, where the encrypted data is decrypted. After this decryption process, the decrypted data is sent on the route P3 to the switch (104), where the decrypted data is sent on the route P2a to the user computer (108). The decrypted data is then processed locally on the user computer (108) for the purpose of being displayed on the screen (114).
Figures 4A and 4B illustrate operational flow diagrams of the encryption operation mode according to one embodiment of the invention. These flowcharts are described in association with the secure data communication system (100) shown in Figure 3. In step 202, the encryption device (106) is connected to the switching device (104) by means of a connector, wireless link, or other appropriate coupling or communication means (not shown) to form the switching system (102). This may not be necessary if the encryption device (106) and the switching device (104) were previously integrated into a single unit. The switching system (102) can be connected between the user computer (108) and the input devices (116) and (118) by means of universal serial bus (USB) connections and/or other connectivity means and protocols. For example, the input data from the mouse (116) and the keyboard (118) can be connected to the switching system (102) on a USB connection, as indicated by the communication path P1.
Similarly, the connectivity between the switching system (102) and the user computer (108) can also be achieved via a USB connection as indicated by the communication path P2. If the encryption device (106) is a removable device that is attached to the switch (104), it can incorporate a variety of connectors to establish connectivity. Once joined, the encryption device (106) exchanges data with the switch (104) on the communication path P3.
In step 204, once the switching system (102) is connected between the input devices (116) and (118) and the user computer (108) (step 202), the user can load an application program on the user computer (108) to provide secure data communication between the user computer (108) and the accessed computer (110). Once the application program is loaded (step 204), in step 206 the application program communicates with the switching device (104) and the encryption device (106) in order to initiate an authentication process, which is described in more detail later. The authentication process initiates a secure encrypted data communication session between the user computer (108) and the accessed computer (110) via the switching system (102) upon user authentication. In step 206, the application program running on the user computer (108) determines whether the switching system (102) is connected to the user computer (108). If the switching system (102) is connected to the user computer (108), in step 208 the application program asks the user (for example, on the display device (114)) to perform the authentication process using the switching system (102). The switching system (102) may include a screen that notifies the user to initiate the authentication process.
For example, in addition to the application program (on the user computer (108)) prompting the user through the screen (114), the switching system (102) can incorporate a screen that notifies the user to place his index finger on a fingerprint detection pad in communication with or incorporated in the switching system (102). The switching system will then determine whether the user is an authorized user based on a scanned fingerprint. This authentication process is illustrated in steps 209a, 209b and 209c. Once the fingerprint is detected (step 209a), it is compared, in step 209b, with a stored reference fingerprint that is associated with the user assigned to the switching system (102) (e.g., the user authorized to use the device). If there is a match between the scanned fingerprint and the reference fingerprint, the switching system (102) authenticates the user (step 209c). If in step 210 it is determined that the user has been successfully authenticated (e.g., by fingerprint detection), in step 212 the switching system (102) communicates with the application program that is running on the user computer (108) and informs it that the user has been authenticated. If in step 210 it is determined that the user has not been authenticated, the application program running on the user computer (108) will continue to request the user to proceed with the authentication process using the switching system (102), as indicated by steps 208 and 209. Other authentication means may be incorporated in the switching system (102) in addition to or as an alternative to the biometric means described above. For example, within the switching system (102), a protected password entry function and/or personal identification number (PIN) can be used.
Once the application program running on the user computer (108) receives confirmation from the switching system (102) that the user has been authenticated, in step 214 the application program communicates a request for secure data transmission to the switching system (102). After this request has been received by the switching system (102), then, as shown in Figure 4B in step 216, the input data received from the mouse (116) and from the keyboard (118) in the switching system (102) are sent to the encryption device (106) for encryption by means of the switch (104) and the communication paths P1 and P3. In this way, the input data is prevented from reaching the user computer (108) without being encrypted when a secure communication session is used. In step 220, the switching system (102) sends the encrypted data to the user computer (108) by means of a universal serial bus (USB) connector so that it can be redirected to the accessed computer (110). For example, the encryption device (106) can format the encrypted data in a network packet according to a network protocol recognized by the network interface of the user computer (108) and the accessed computer (110) (e.g., Ethernet) and address this network packet to the accessed computer (110). Then the network packet is sent via the switch (104) to the user computer (108) along the communication paths P3 and P2b. Although the connectivity between the switch (104) incorporated within the switching system (102) and the user computer (108) is established by USB, other physical connectors and transmission protocols can also be used to couple data between the switching system (102) and the user computer (108). In step 222, the USB connection on the user computer (108) receives the network packet and, since the network packet is not addressed to the user computer (108), the network packet is provided to the network interface of the user computer (108) for transmission over the network (112) to the destination to which it is addressed, for example, the application program running on the accessed computer (110).
In step 224, the application program that is running on the accessed computer (110), to which the network packet is addressed, receives and processes the encrypted input data contained in the packet. The application program that is running on the accessed computer (110) may be associated with the application program running on the user computer (108), whereby the application program running on the accessed computer (110) processes the encrypted input data received from the switching system (102), and the application program running on the user computer (108) receives this processed data from the accessed computer (110) and acts on it (for example, displays it). Once the accessed computer (110) receives the encrypted input data, the application program on the accessed computer (110) decrypts this data. The input data may include a mouse click that selects an option on a displayed web page associated with an internet site run by the application program on the accessed computer (110). The web page can be accessed locally and displayed on the screen (114) associated with the user computer (108). The input data can also include data from the keyboard to be entered in one or more fields of the accessed web page. Generally, any data coming from a peripheral device that can exchange data with the website or with the application program that is running on the accessed computer (110) can constitute input data. In step 226, the application program running on the accessed computer (110) processes the decrypted input data. Based on the input data, this application program generates response data for use by the application program that is running on the user computer (108).
For example, if the encrypted input data includes a mouse click on a particular feature or option of the web page associated with the internet site that is running on the accessed computer (110), the application program on the accessed computer (110) processes the mouse click by generating website graphics associated with the option selected by the user. Thus, the application program on the accessed computer (110) responds to the input data by processing it and generating graphics associated with the input data. This response data (e.g., graphical data) is encrypted and transmitted over the network (112) to the switching system (102) (via the network interface of the user computer (108)) for eventual processing and display by the application program that is running on the user computer (108). The encrypted response data is received by the network interface of the user computer (108) and, since the data is addressed to the switching system (102) and not to the user computer (108), the network interface passes the data to the USB port of the user computer (108) and on to the switching system (102), as indicated by the communication paths P5, P4, and P2b. In step 228, the switch (104), which is incorporated within the switching system (102), sends the encrypted response data to the encryption device (106). In the encryption device (106), the encrypted response data is decrypted and sent back to the switch (104) (route P3). The switch (104) sends the decrypted response data to the USB connection of the user computer (108) along the P2a route, where the decrypted response data is processed by the application program running on the user computer (108). The application program then displays the decrypted response data on the display device (114) (communication path P6).
The various steps illustrated in the embodiments of Figures 4A and 4B show that during the encryption operation mode, the generated input data is encrypted before being received by the user computer (108). This is illustrated in the communication routes P1, P3, P2a. Thus, according to the embodiments shown in Figures 3, 4A and 4B, these encrypted data are not processed locally by the user computer (108). They are transmitted over a communication network to a secure remote site, for example, the accessed computer (110), for processing. On the accessed computer (110), the data is decrypted and processed, as shown in communication routes P4 and P5. Once the data is processed, response data is generated, encrypted, and transmitted back through the user computer (108) to the switching system (102). Only after decryption by the switching system (102) is the response data sent to the user computer (108) for display to the user. This ensures that the response data is sent from an authenticated source from which the user is expecting data. The user computer (108) can only process the response data in order to show the results of the processing carried out on another computer, for example, the accessed computer (110). This provides a secure bidirectional link, where processing is carried out in a secure location in direct response to the securely transmitted input data. The application program running on the user computer (108) can be downloaded to the user computer (108) from the accessed computer (110), or it can be stored on and executed on the user computer (108) from a storage device inside the switching system (102). Once it has been downloaded, the application program can, for example, execute the authentication routine locally on the user computer (108). Alternatively, for example, the authentication routine executed by the application program can be accessed from the accessed computer (110), instead of locally from the user computer (108).
According to another embodiment, the application program running on the user computer (108) can be accessed and run completely from the encryption device (106).
Figures 5 through 8 are flow diagrams showing the effects of different application programs running on the user computer (108) becoming active in the secure mode of operation according to one embodiment of the present invention. These effects are described with the help of the embodiment illustrated in Figure 3. During the secure operation mode of the system (100), the application program running on the user computer (108) initially facilitates the authentication process before the encrypted input data is transmitted to the accessed computer (110) over the network (112). After authentication, the secure mode application program that is running on the user computer (108) is the active application (for example, as indicated by a window associated with this application program that is shown as the active window on the display device (114)). Subsequently, the window associated with this application program may or may not be "focused" (for example, shown as the active window), based on whether the user on the user computer (108) has decided to work with an application program different from the one running on the user computer (108).
Figure 5 is a flow diagram showing a manner in which a data communication system of the invention can operate when the secure mode application program that is running on the user computer (108) stops being the active application. For example, after the secure mode application program has been loaded and the user authenticated, the user can change to work with another application program that is running on the user computer (108). In step 300, the secure mode application program running on the user computer (108) receives an indication that window focus has been lost.
For example, the secure mode application program may receive a notification from the operating system on the user computer (108) indicating that the application has lost the window focus. Then, in step 310, the secure mode application program running on the user computer (108) sends an indication to the switching system (102) that secure mode has been exited. Accordingly, in step 320, the switching system (102) allows input data from the input devices (116) and (118) to flow through the communication path P2a to the user computer (108) unencrypted.
Figure 6 is a flow chart showing a way in which a data communication system of the invention can operate when the secure mode application program is restarted on the user computer (108). For example, after the secure mode application program has been loaded and the user authenticated, the user can change to work with another application program that is running on the user computer (108), causing the secure mode application program to lose window focus and continue running in the background. After this, the user on the user computer (108) can restart the secure mode application program by choosing to work with it again and making it the active application again. In step 330, the secure mode application program running on the user computer (108) receives an indication that window focus has been obtained. For example, the secure mode application program can receive a notification from the operating system on the user computer (108) indicating that the application has obtained the window focus. Then, in step 340, the secure mode application program running on the user computer (108) sends an indication to the switching system (102) that it has entered secure mode.
Accordingly, in step 380, the switching system (102) sends input data from the input devices (116) and (118) to the encryption device (106) for encryption and then sends the encrypted input data through the communication path P2b to the user computer (108) for transmission to the accessed computer (110) over the communication routes P4 and P5 and the network (112).
Another way in which a data communication system of the invention can operate when the secure mode application program is restarted on the user computer (108) is shown in the flow chart of Figure 7. The steps in Figure 7 which have the same reference numerals as the steps of Figure 6 are performed in the same way as described above in connection with Figure 6. In Figure 7, after the secure mode application program receives the indication that it has obtained window focus (step 330) and notifies the switching system (102) that it has entered secure mode (step 340), the processing may continue with step 360 where, before entering secure mode, the switching system (102) tries to authenticate the user again, for example, in the same way as previously described in connection with steps 209a, 209b, and 209c of Figure 4A. In step 370, the switching system (102) determines whether the user has been authenticated. If this determination is negative, the processing returns to step 360, where the user is again invited to authenticate. If this determination is positive, then the processing proceeds to step 380, as described above in connection with Figure 6.
Figure 8 shows a flow diagram illustrating another way in which a data communication system of the invention can operate when the secure mode application program is restarted on the user computer (108). The steps of Figure 8 having the same reference numerals as the steps of Figures 6 and 7 are performed in the same manner as described above in connection with those figures. In Figure 8, after the secure mode application program receives the indication that it has obtained window focus (step 330) and notifies the switching system (102) that it has entered secure mode (step 340), the processing may proceed to step 350 where, before entering secure mode, the switching system (102) determines whether a predetermined time interval has elapsed.
This time interval can be established at the time of manufacture or can be set by the user. If this determination is negative, then the processing may proceed to step 380. If this determination is positive, then the switching system (102) attempts to authenticate the user again before entering secure mode, as described above in connection with steps 360 and 370 of Figure 7.
Figure 9 is a block diagram illustrating the components of a switching system according to an embodiment of the present invention. The switching system (400) includes a processor (402) (for example, the MC9328MXL offered by Freescale Semiconductor, Inc.), a memory device (404) (for example, PSRAM and flash memory), a screen (406) (for example, a color OLED screen), a fingerprint reader (408) (for example, the FingerChip® AT77C104B offered by Atmel), an audio encoder/decoder (410) (for example, the VS1002D offered by VLSI Solution Oy), external connectors (412), and a USB controller device (414) (for example, the CYC67200 offered by Cypress Semiconductor Corp.). As further described below, the processor (402) executes the functions of the aforementioned switching system (e.g., switching, encryption, and decryption) based on the programming stored in the memory device (404). As further described below, the processor (402) also coordinates the activities of the other components of the switching system (400). A control program (referred to as the Switching System Control Program or SSCP), also stored in the memory device (404), controls the activities of the processor (402), as described in more detail below. The processor (402) includes a composite USB device module that is configured to allow the processor (402) to function as a USB device capable of a plurality of different functionalities. Each of these functionalities can be of a standard USB device class.
For example, as described in more detail below, once the processor (402) is connected to the USB host, this composite USB device module makes it possible for the processor (402) to be recognized (for example, by the USB host) and to work as a USB mass storage device and a USB communication device (for example, an Ethernet emulation device).
The screen (406) provides the user of the switching system with a display for receiving various notifications. For example, the screen (406) may request the user to place his index finger on the fingerprint reader (408) (for example, "Place the index finger on the reading pad"). The screen (406) may also provide the user with status information regarding the establishment of a connection between itself and the user computer (e.g., "Detected connection failure"). The memory device (404) provides memory storage for the switching system (400). As mentioned above, the memory device (404) stores the programming to be executed by the processor (402). The memory device (404) can also store read fingerprint data, various encryption/decryption program data, buffered data, control program data, and other data. The fingerprint reader (408) may include a fingerprint detection pad and a reader that generates data associated with a user's fingerprint (e.g., stored in the memory device (404)). During authentication, the scanned fingerprint can be compared to an authentic copy of the user's fingerprint. Authentication can be considered complete when the authentic copy and the read copy of the user's fingerprint are identical or correlated.
The audio encoder/decoder (410) can provide the user with various audio-related options. For example, the voice data received from one of the external connectors (412) can be encoded and digitized by the device (410) as a voice data file. The voice data can be stored in the memory (404) and transmitted over a communication network to another computer. It can also be transmitted directly to the remote location after the encoding process in the device (410). The encoder/decoder (410) can also be used to process stored files (e.g., in memory (404)) or downloaded audio files (e.g., MP3 music files) for playback. The external connectors (412) may include USB sockets, a microphone input, and/or an audio output (e.g., a headphone jack). For example, decoded music files stored in memory (404) can be output to a headphone jack. The USB controller device (414) functions as a USB hub that connects the processor (402) and one or more input generating devices (e.g., mouse and keyboard) to the user computer (108) (Figure 1). The detail of the controller device (414) is shown in Figure 10. The controller device (414) includes a first USB port (430) with a corresponding serial interface engine (SIE) (431), a second USB port (432) with a corresponding SIE (433), a general purpose input and output (GPIO) interface (436), and a processor (438). The USB port (430) provides connectivity between the controller (414) and the user computer (108). Similarly, the USB port (432) connects the input devices (116) and (118) (e.g., mouse and keyboard) with the controller device (414). The processor (402) communicates with the controller device (414) via the GPIO interface (436). The processor (402) sends and receives data (e.g., input data, control data, and application data) to and from the controller (414) via the GPIO interface (436).
The switching system (400) can be further explained by reference again to Figures 4A through 6 above, and by elaborating on the flow diagrams presented there in the context of the switching system (400). With reference to Figure 4A, in step 202, the switching system is connected to the user computer and the input devices. Once it is connected, the user computer (108) (which includes a USB host system in this embodiment) recognizes the switching system (400) as a USB hub to which a composite USB device (which includes a USB mass storage function and a USB Ethernet emulation device function, as mentioned above) is attached. The user computer (108) also recognizes the input devices (116) and (118), since the USB input devices are attached to this hub. Once the switching system (400) is connected, the Switching System Control Program (SSCP) is started in the processor (402). In addition, once the switching system (400) is connected, multiple logical communication channels are established, for example, one or more USB pipes corresponding to each USB device. In the context of the switching system (400), the logical communication paths P2a and P2b, mentioned above, correspond to all channels associated with devices of the Human Interface Device (HID) class (for example, input devices (116) and (118)) and to the channels associated with the Ethernet emulation device function, respectively. When first connected, the switching system (400) operates in non-secure mode. In this mode, the processor (438) of the USB controller instructs the SIE (433) to direct the data it receives from the I/O port (432) (for example, the input data received from the input devices (116) and (118) connected to the I/O port (432)) to the SIE (431), which sends this data through the I/O port (430) to the USB host system in the user computer (108). In step 204, the secure mode application program is loaded to be executed on the user computer (108).
As mentioned above, this application program may be stored in the memory device (404) of the switching system (400). As such, the application program could be presented (for example, by the operating system file system of the user computer (108)) to the user as an executable file stored in the USB mass storage device. The user on the user computer (108) can then load the application program in a conventional manner associated with the operating system of the user computer (108) (for example, by double-clicking on an icon representing the file corresponding to the application program). In step 206, the secure mode application program running on the user computer determines whether the switching system is connected. This can be achieved by the secure mode application program making a query about the presence of the switching system (102) (Figure 3) by means of a USB driver incorporated within the switching device (104) (Figure 3). The application program is in communication with the remote system (110) (Figure 3) during the connection and authentication processes associated with the switching system (102) (Figure 3). After the secure mode application program running on the user computer requests the user to authenticate using the switching system (step 208), the switching system attempts to authenticate the user in accordance with steps 209a, 209b, and 209c. This can be achieved by the Switching System Control Program loading an authentication program stored in the memory device (404) to cause the processor (402) to perform steps 209a, 209b, and 209c in the manner previously described, with the processor (402) using the screen (406) to notify the user and using the fingerprint reader (408) to obtain fingerprint data of the user. In step 212, the switching system informs the secure mode application program that is running on the user computer that the user has been authenticated.
This can be achieved by the Switching System Control Program sending an indication to the secure mode application program that is running on the user computer (108). In step 214, the secure mode application that is running on the user computer requests that secure mode be started. This can be achieved by the secure mode application that is running on the user computer (108) sending an indication to the Switching System Control Program over USB (i.e., P1 link). Upon receiving this request to start secure mode, the Switching System Control Program sends an instruction through the GPIO interface (436) to the USB controller processor (438) ordering it to go into secure mode. The USB controller processor (438) then instructs the SIE (433) to stop routing data to the SIE (431) and instead direct the data from the USB port (432) to the processor (402) via the GPIO interface (436). This change in routing is achieved without changing the USB status of the input devices connected to the I/O port (432). Accordingly, to the USB host system on the user computer (108), the USB input devices (for example, mouse (116) and keyboard (118)) appear as connected and fully operational even though, while secure mode lasts, the data that comes from them will not be allowed to flow upstream to the USB host system. If desired, the USB controller processor (438) can be configured in such a way that it recognizes the order to go into secure mode only if the command is received over a particular communication path, for example, the GPIO interface (436). This is advantageous because it increases the probability that the order to enter secure mode is received from the processor (402) instead of being received from a malicious program resident in the user computer.
Referring now to Figure 4B, in step 216, the input data is received by the switching system and directed to the encryption device for encryption.
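The mode switching of steps 214 and 300 to 380 and the GPIO-only command check described above, modelled in C as an added example; it is not code from the patent or the applicant. All type and function names are hypothetical, and measuring the predetermined interval of step 350 from the last successful authentication is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { MODE_NON_SECURE, MODE_SECURE } sw_mode_t;
typedef enum { PATH_GPIO, PATH_USB_HOST } cmd_path_t;
typedef enum { ROUTE_P2A_PLAINTEXT, ROUTE_P3_ENCRYPT_THEN_P2B } sw_route_t;
typedef enum { ENTERED_SECURE, NEED_AUTH } request_result_t;

/* USB controller (414): decides where input from port (432) goes. */
typedef struct { sw_mode_t mode; } usb_ctrl_t;

/* Mode commands are honoured only over GPIO, i.e. from processor (402).
 * The page states this for the enter-secure command; applying it to every
 * mode command is an assumption of this example. */
bool usb_ctrl_set_mode(usb_ctrl_t *c, sw_mode_t m, cmd_path_t path)
{
    if (path != PATH_GPIO)
        return false;               /* command did not come from (402) */
    c->mode = m;
    return true;
}

sw_route_t usb_ctrl_route_input(const usb_ctrl_t *c)
{
    return c->mode == MODE_SECURE ? ROUTE_P3_ENCRYPT_THEN_P2B
                                  : ROUTE_P2A_PLAINTEXT;
}

/* Control program state on processor (402). */
typedef struct {
    usb_ctrl_t ctrl;
    bool ever_authenticated;
    bool secure_requested;          /* secure mode application has focus */
    uint32_t last_auth_s;           /* monotonic seconds at last match */
    uint32_t reauth_after_s;        /* predetermined interval (step 350) */
} sscp_t;

void sscp_init(sscp_t *s, uint32_t reauth_after_s)
{
    s->ctrl.mode = MODE_NON_SECURE; /* non-secure when first connected */
    s->ever_authenticated = false;
    s->secure_requested = false;
    s->last_auth_s = 0;
    s->reauth_after_s = reauth_after_s;
}

static bool auth_is_fresh(const sscp_t *s, uint32_t now_s)
{
    /* Unsigned subtraction stays correct if the counter wraps. */
    return s->ever_authenticated &&
           (uint32_t)(now_s - s->last_auth_s) < s->reauth_after_s;
}

/* Steps 214 and 340: the application asks for secure mode. */
request_result_t sscp_on_secure_request(sscp_t *s, uint32_t now_s)
{
    s->secure_requested = true;
    if (!auth_is_fresh(s, now_s))
        return NEED_AUTH;           /* step 360: prompt for the fingerprint */
    usb_ctrl_set_mode(&s->ctrl, MODE_SECURE, PATH_GPIO);    /* step 380 */
    return ENTERED_SECURE;
}

/* Steps 209c and 370: result of comparing scanned and reference prints. */
void sscp_on_auth_result(sscp_t *s, bool match, uint32_t now_s)
{
    if (!match)
        return;                     /* no mode change; user is asked again */
    s->ever_authenticated = true;
    s->last_auth_s = now_s;
    if (s->secure_requested)
        usb_ctrl_set_mode(&s->ctrl, MODE_SECURE, PATH_GPIO);
}

/* Steps 310 and 320: focus lost, input flows to the host again. */
void sscp_on_focus_lost(sscp_t *s)
{
    s->secure_requested = false;
    usb_ctrl_set_mode(&s->ctrl, MODE_NON_SECURE, PATH_GPIO);
}

static const char *route_name(const sscp_t *s)
{
    return usb_ctrl_route_input(&s->ctrl) == ROUTE_P3_ENCRYPT_THEN_P2B
               ? "P1 -> P3 -> P2b" : "P1 -> P2a";
}

int main(void)
{
    sscp_t s;
    sscp_init(&s, 300);             /* constructed value: 5 minutes */
    sscp_on_secure_request(&s, 10);
    sscp_on_auth_result(&s, true, 12);
    printf("secure app focused:   %s\n", route_name(&s));
    sscp_on_focus_lost(&s);
    printf("secure app unfocused: %s\n", route_name(&s));
    return 0;
}
```

While authentication is pending the model stays in non-secure mode, as the "before entering secure mode" wording of steps 350 and 360 implies, so input still takes P2a at that point.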
In the context of the switching system (400), during secure mode, the data coming from the input devices (116) and (118) is received through the I/O port (432) by the SIE (433) and is sent over the GPIO (436) to the processor (402). The Switching System Control Program running in the processor (402) then executes an encryption program from the memory device (404) to encrypt the data. In step 220, the switching system formats the encrypted data as a network packet and sends it to the user computer. In the context of the switching system (400) (Figure 9), the Switching System Control Program receives the encrypted data from the encryption program and instructs the USB Ethernet emulation device class function to send the encrypted data to the IP address of the accessed computer (110). The assignment of the IP address to which the encrypted data is sent is carried out by the Dynamic Host Configuration Protocol (DHCP) in the remote access system (110) (Figure 3). The USB Ethernet emulation device class function formats the encrypted data according to the Ethernet protocol, encapsulates this Ethernet packet as USB data, and sends this Ethernet-over-USB packet (containing the encrypted input data) to the USB host system of the user computer (108). In step 222, the network packet is sent to the secure mode application program that is running on the accessed computer. In the context of the embodiment involving the switching system (400), the USB host system of the user computer (108), upon receiving the Ethernet packet, passes it to the network interface of the user computer (108) for transmission over the network (112) to the accessed computer (110). After the accessed computer (110) receives the Ethernet packet (step 224), it decrypts and processes the encrypted input data contained therein to generate a response, encrypts the response, and transmits the encrypted response to the switching system (step 226).
In step 228, this encrypted response is received and decrypted by the switching system and sent to the application program running on the user computer to take an action. In the context of the embodiment of the invention involving the switching system (400), an Ethernet packet containing the encrypted response of the accessed computer (110) arrives at the network interface of the user computer (108). Since this Ethernet packet is addressed to the USB Ethernet emulation device class function of the switching system (400), the Ethernet packet is passed to the USB server system of the user computer (108), which wraps this Ethernet packet in a USB packet to transport it over the USB. This USB packet is received in the SIE (431) and sent to the USB Ethernet emulation device class function that is running in the processor (402) via the GPIO interface (436). In the processor (402), the USB Ethernet emulation device class function extracts the encrypted response data from the Ethernet packet and passes it to the Control Program of the Switching System, which loads a decryption program from the memory device (404) to decrypt the response. The Control Program of the Switching System sends the decrypted response data to the secure mode application program that is running on the user computer (108). The communication between the Control Program of the Switching System and the secure mode application program that is running on the user computer (108) is over USB. The secure mode application program that is running on the user computer (108) sees the switching system as a USB Ethernet device and communicates with it via an Ethernet-over-USB interface.
As mentioned above, Figures 5 and 6 describe the effects of different applications running on the user computer (108) becoming active in the secure mode of operation according to one embodiment of the present invention.
As previously mentioned, Figure 5 is a flow chart showing a way in which a data communication system of the invention can operate when the secure mode application program running on the user computer (108) stops being the active application. With reference to Figure 5, the secure mode application program running on the user computer (108) receives an indication that it has lost window focus (step 300). Then, in step 310, the secure mode application program running on the user computer (108) sends an indication to the switching system (102) that secure mode has been exited. In the context of the embodiment of the invention involving the switching system (102), this can be achieved by the secure mode application program sending an indication to the Control Program of the Switching System that secure mode has been exited. This can be achieved by means of the communication channel at the USB termination, where the switching system (102) (i.e., the terminating device) is identified as an Ethernet device by the USB controller interface with the user computer (108) (i.e., the USB server device). In step 320, the switching system allows input data coming from the input devices to flow unencrypted through the communication path P2a to the user computer. In the context of the switching system (400), the Control Program of the Switching System sends an instruction by means of the GPIO (436) to the USB controller processor (438) ordering it to enter non-secure mode. The USB controller processor (438) then instructs the SIE (433) to direct the data it receives from the I/O port (432) to the SIE (431), which sends this data through the I/O port (430) to the USB server system on the user computer (108).
As previously mentioned, Figure 6 is a flow chart showing a way in which a data communication system of the invention can operate when the secure mode application program is reactivated on the user computer (108).
With reference to Figure 6, after the secure mode application program running on the user computer (108) receives an indication that window focus has been obtained (step 330), it sends an indication to the switching system that secure mode has been entered (step 340). In the context of the embodiment of the invention involving the switching system (400), this last step can be executed by the secure mode application program sending an indication to the Control Program of the Switching System that secure mode has been entered. Then, in step 380, the switching system sends the input data from the input devices to the encryption device for encryption and then sends the encrypted input data through the communication path P2b to the user computer for transmission to the accessed computer. In the context of the switching system (400), this can be achieved by the Control Program of the Switching System sending an instruction via the GPIO interface (436) to the USB controller processor (438) ordering it to go into secure mode. The USB controller processor (438) then instructs the SIE (433) to stop sending the data to the SIE (431) and instead direct the data coming from the USB port (432) to the processor (402) through the GPIO interface (436). The input data of the input devices (116) and (118) is then sent to the Control Program of the Switching System for encryption and sent to the accessed computer (110) in the same way described above.
Figures 11A and 11B illustrate alternative embodiments of systems incorporating the switching system (102) (Figure 3). In Figure 11A, a network interface (502) ordinarily incorporated within a computer (for example, the computer (108) shown in Figure 3) can be integrated into the switching system (504). In this embodiment, the encrypted data is sent directly over the network (506) to the remote server or computer (508) for processing.
If the device (504) is used to access another internet site that does not have encryption/decryption and/or authentication requirements, it will operate in non-secure mode. In non-secure mode, the data received from another site via the interface (502) may be sent by the switching device (512) to the encryption device (505). In the encryption device (505), the received data may be processed (without encryption/decryption) by the encryption device and sent to the display device (510) by means of the switch (512). For example, the encryption device (505) may include an internet search engine to provide internet access. The data of the accessed web page is sent from a remote server (for example, the computer (508)) over the communication network (506) to the switching system (504), where the data is received by the interface (502). From the interface (502), the data received from the web page is sent by the switch (512) to the encryption device (505). The data of the web page is then processed by the search engine program that is running on the encryption device (505) before being sent by the switch (512) to the display device (510). If, however, the device (504) is used in secure mode, once the encryption device (505) decrypts the encrypted data received from the remote computer (508), the decrypted data received can be displayed on the display device (510). The display device (510) may include a display controller (e.g., a VGA card) and a monitor, which is connected to the security device (504).
In Figure 11B, the security device (516) is identical to the security device (504) (Figure 11A), except that the device (516) (Figure 11B) includes an integrated display device. The integrated display device may be incorporated within the encryption device (518) (see also Figure 4, screen (406)). Alternatively, a dedicated security device may be directly attached to the security device (516). Both security devices (504) and (516) shown in Figures 11A and 11B, respectively, may include a plurality of display controllers for use with different external display devices. Each device (504), (516) may therefore incorporate one or more external connectors to support connectivity with these display devices.
While the invention has been described and illustrated in connection with preferred embodiments, many variations and modifications may be made, as will be apparent to those skilled in the art, without departing from the spirit and scope of the invention, and the invention, accordingly, is not limited to the precise details of the construction methodology set out in the foregoing, so it is intended that the variations and modifications are included within the scope of the invention. Except to the extent necessary or inherent in the processes themselves, no particular order is involved in the steps or stages of the methods or processes described in this description, including the figures. In many cases, the order of the steps of the process can be varied without changing the purpose, effect or meaning of the described methods.

Claims (9)

1. A method for communicating data, comprising: receiving data from one or more input devices; transmit the data to a first computer, if a first indication that a first mode of communication has been selected has been received from the first computer; and transmitting the data to a second computer, if a second indication that a second mode of communication has been selected has been received from the first computer.
2. The method of claim 1, further characterized in that the first computer sends the first indication in response to a user activating the first application program on the first computer; and further characterized in that the first computer sends the second indication in response to the user activating a second application program on the first computer.
3. The method of claim 1, comprising: receiving a response to the data transmitted from the second computer, if the second indication has been received from the first computer; and transmit the received response to the first computer, if the second indication has been received from the first computer.
4. The method of claim 3, further characterized in that transmitting the data to a second computer includes transmitting the data to a second computer using a network interface of the first computer, and further characterized in that receiving a response includes receiving a response to the input data transmitted from the second computer using the network interface of the first computer.
5. The method of claim 1, further characterized in that transmitting the input data to a second computer includes: encrypting the data; and transmit the encrypted data to the second computer.
6. The method of claim 3, further characterized in that the response received from the second computer is encrypted, and further characterized in that transmitting the received response to the first computer includes: deciphering the received response; and transmit the decrypted received response to the first computer.
7. A system for communicating data, comprising at least one first computer programmed to: receive data from one or more input devices; transmit the data to a second computer, if a first indication that a first mode of communication has been selected has been received from the second computer; and transmitting the data to a third computer, if a second indication that a second mode of communication has been selected has been received from the second computer.
8. The system of claim 7, further characterized in that the second computer sends the first indication in response to a user activating the first application program on the second computer; and further characterized in that the second computer sends the second indication in response to the user activating a second application program on the second computer.
9. The system of claim 7, further characterized in that the first computer is programmed to: receive a response to the data transmitted from the third computer, if the second indication has been received from the second computer; and transmit the received response to the second computer, if the second indication has been received from the second computer.
10. The system of claim 9, further characterized in that the first computer is programmed to: transmit the data to the third computer using a network interface of the second computer; and receive the response to the data transmitted from the third computer using the network interface of the second computer.
11. The system of claim 7, further characterized in that the first computer is programmed in such a way that transmitting the data to a third computer includes: encrypting the data; and transmit the encrypted data to the third computer.
12. The system of claim 9, further characterized in that the response received from the third computer is encrypted, and further characterized in that the first computer is programmed in such a way that transmitting the received response to the second computer includes: decrypting the received response; and transmit the decrypted received response to the second computer.
13. A method for providing data communication over a communication network using an encryption device, the method comprising: encrypting first data based on the encryption device that authenticates a user, wherein the first encrypted data is sent from the encryption device to an interface associated with a first computer for transmission to a second computer; decipher the first encrypted data on the second computer and generate second encrypted data in response to the first deciphered data; sending the second generated encrypted data to the interface associated with the first computer for transmission to the encryption device; and deciphering in the encryption device the second encrypted data sent, received by means of the interface associated with the first computer; further characterized in that the first computer executes an operation based on the second deciphered data.
14. The method according to claim 1, further characterized in that user authentication includes loading an application program to initiate an authentication process.
15. The method according to claim 14, further characterized in that the authentication process includes the loaded application program that provides the connection state between the encryption device and the first computer.
16. The method according to claim 1, further characterized in that the authentication process includes reading and detecting a fingerprint pattern associated with the user upon receipt of a request generated by the application program.
17. The method according to claim 1, further characterized in that the second deciphered data includes displaying the data generated in response to the first data processed by the second computer.
18. The method according to claim 1, further characterized in that the interface includes an interface with universal serial bus (USB) and a network interface.
19. The method according to claim 13, further characterized in that the first data is generated by a keyboard.
20. The method according to claim 13, further characterized in that the first data is generated by a mouse.
21. The method according to claim 13, further characterized in that the first data is generated by a peripheral device.
22. A method for providing data communication between a first and a second computer over a communication network using an encryption device coupled to the first computer, the method comprising: encrypting first data in the encryption device based on a program of application associated with the data communication that is active, wherein the first encrypted data is sent from the encryption device to an interface associated with the first computer for transmission to the second computer; decipher the first encrypted data on the second computer and generate second encrypted data in response to the first deciphered data; sending the second generated encrypted data to the interface associated with the first computer for transmission to the encryption device; and deciphering in the encryption device the second encrypted data sent, received by means of the interface associated with the first computer; further characterized in that the encryption device provides the second deciphered data to the first computer for disposition by the first computer.
23. The method according to claim 22, further characterized in that the first data is generated by a keyboard.
24. The method according to claim 22, further characterized in that the first data is generated by a mouse.
25. The method according to claim 22, further characterized in that the first data is generated by a peripheral device.
26. The method according to claim 22, further characterized in that the application program resides on the first computer and communicates with a second application program resident on the second computer, further characterized because the second application generates the second data and the second computer. application program on the first computer shows the second decrypted data.
27. The method according to claim 22, further characterized in that the application program resides in the encryption device and communicates with a second application program, further characterized in that the second application generates the second data and the application program in the encryption device shows the second deciphered data.
28. The method according to claim 22, further characterized in that the communication network includes the internet.
29. The method according to claim 22, further characterized in that encrypting first data includes encrypting first data in the encryption device based on a window associated with the application program that is focused.
30. A secure system for generating secure data transmission over a communication network between a first computer and a second computer, the device includes: a switching device adapted to receive first data from one or more input devices; an encryption device adapted to receive the first data sent from the switching device to encrypt the first received data based on an application program associated with the secure data transmission that is active; an interface associated with the first computer adapted to receive the first encrypted data for transmission over the communication network to the second computer, wherein the second computer receives the first encrypted data and generates second encrypted data; and a display device associated with the first computer; further characterized in that the second decrypted data generated in the second computer is received by the interface from the communication network and sent to the switch to be sent, further characterized in that the switch sends the decrypted second data to the encryption device to decrypt the second data. Once decrypted, the switch sends the decrypted second data from the encryption device to the first computer to display them on the screen device.
31. The device according to claim 30, further characterized in that the interface includes a network interface.
32. The device according to claim 30, further including a biometric authentication device in communication with the application program that requests the user to perform an authentication process, further characterized in that the encryption device authenticates the user before encrypting the input data.
33. The device according to claim 30, further characterized in that the biometric authentication device includes a fingerprint reader.
34. The device according to claim 30, further characterized in that the switch device includes a USB controller to provide data switching between the one or more input devices, the first computer, and the encryption device.
35. A method for providing security to an application in communication with a server that receives inputs from an input device that works with a client computer and displays information on a display device that works with the client computer, the method comprising: encrypting data related to the application entered through the input device without providing the data entered unencrypted to the client computer; transmit the encrypted data over a network to the server; decipher the encrypted data transmitted to the server; act with the server on the decrypted data and provide data to display on the client computer; transmit the data provided by the server to display them on the display device of the client computer; and display on the screen device the transmitted data provided by the server.
36. The method according to claim 35, which comprises encrypting the data provided by the server before transmitting this data to the client computer, decrypting this data after transmission and before displaying it, and displaying the decrypted data on the display device of the client computer.
37. The method according to claim 36, further characterized in that the encrypted data transmitted to the client computer is decrypted independently of the client computer and this decrypted data is provided to the client computer for display on the display device.
38. The method according to claim 35, further characterized in that the input device includes a keyboard.
39. The method according to claim 35, further characterized in that the input device includes a pointer.
40. A method for a client computer to interact with a plurality of applications and to provide security to at least one application of the plurality of applications that communicate with a server that receives inputs from an input device that works with the client computer, the method comprises: if the at least one application includes a window that focuses on the client computer: encrypt data relating to the at least one application entered through the input device without providing the data entered unencrypted to the client computer; transmit the encrypted data over a network to the server; decipher the encrypted data transmitted to the server; operate through the server on the deciphered data and provide data for the client computer to operate on them; transmit the data provided to the client computer; and operate through the client computer on the data supplied; or provide data entered by means of the input device to the client computer without encryption for disposition by the client computer.
41. The method of claim 40, comprising encrypting the data relating to the selected application in a device coupled to the input device and the client computer.
42. The method of claim 41, comprising coupling a keyboard output to an output of the device that is coupled to the client computer for operation with the at least one active operation when the window associated with the at least one active operation is focused.
43. The method of claim 42, which comprises automatically coupling the keyboard output to the output of the device that is coupled to the client computer when the window associated with at least one active application is focused.
MXMX/A/2008/004765A 2005-10-12 2008-04-10 System and method for providing secure data transmission MX2008004765A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US11249846 2005-10-12

Publications (1)

Publication Number Publication Date
MX2008004765A (en) 2008-09-02

Similar Documents

Publication Publication Date Title
US8250151B2 (en) System and method for providing secure data transmission
KR101130415B1 (en) A method and system for recovering password protected private data via a communication network without exposing the private data
US7469343B2 (en) Dynamic substitution of USB data for on-the-fly encryption/decryption
US9313201B2 (en) System and method of performing electronic transactions
EP2332089B1 (en) Authorization of server operations
US20030070069A1 (en) Authentication module for an enterprise access management system
US8572370B1 (en) Accessing a remote virtual environment without user authentication
KR101617318B1 (en) Method and apparatus for inputting data
JP2009157781A (en) Remote access method
CN111585976B (en) Communication method, communication apparatus, storage medium, and electronic device
MX2008004765A (en) System and method for providing secure data transmission
KR101448711B1 (en) security system and security method through communication encryption
KR101368772B1 (en) Method and Device for Protecting Key Input
KR20190026327A (en) Method and system for encryption and decryption using wearable terminal
JP2018201090A (en) Authentication system, and authentication server device